EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001
Security Requirements Authentication -Ensures that the sender and the receiver are who they are claiming to be Data integrity -Ensure that data is not changed from source to destination Confidentiality -Ensures that data is red only by authorized users Non-repudiation -Ensures that the sender has strong evidence that the receiver has received the message, and the receiver has strong evidence of the sender identity, strong enough such that the sender cannot deny that it has sent the message and the receiver cannot deny that it has received the message (not discussed in this lecture)
Cryptographic Algorithms Security foundation: cryptographic algorithms -Secret key cryptography, Data Encryption Standard (DES) -Public key cryptography, RSA algorithm -Message digest, MD5
Symmetric Key Both the sender and the receiver use the same secret keys Internet Encrypt with secret key Decrypt with secret key Plaintext Ciphertext
Data Encryption Standard (DES) DES encrypts a 64-bit block of plain text using a 64-bit key Three phases 1.Permute the 64 bits in the block 2.Apply a given operation 16 times on the 64 bits 3.Permute the 64 bits using the inverse of the original permutation Round 1 Round key 1 st phase 3 rd phase 2 nd phase
Operation in Each Round of 2 nd Phase Key is 56 bits Each round the key is modified and 48 bits are selected from it. Given result K i, the following operations are performed + F KiKi L i-1 R i-1 LiLi RiRi
Encrypting Larger Messages Initialization Vector (IV) is a random number generated by sender and sent together with the ciphertext + Block 1 Cipher 1 DES + Block 2 DES + Block 3 DES + Block 4 DES Cipher 2 Cipher 3 Cipher 4 IV
Discussion Can provide confidentiality No mathematical proof, but practical evidence suggests that decrypting a message without knowing the key requires exhaustive search To increase security use triple-DES, i.e., encrypt the message three times
RSA (Rivest, Shamir, and Adleman) Sender uses a public key Receiver uses a private key Internet Encrypt with public key Decrypt with private key Plaintext Ciphertext
Generating Public and Private Keys Choose two large prime numbers p and q (~ 256 bit long) and multiply them: n = p*q Chose encryption key e such that e and (p-1)*(q-1) are relatively prime Compute decryption key d, where d = e -1 mod ((p-1)*(q-1)) Construct public key from pair (n, e) Construct private key from pair (d, n)
RSA Encryption and Decryption Encryption: -c = m e mod n Decryption: -m = c d mod n
Example Choose p = 7 and q = 11 n = p*q = 77 Compute encryption key e: (p-1)*(q-1) = 6*10 = 60 chose e = 13 (13 and 60 are relatively prime numbers) Compute decryption key d: d = mod 60 13*d mod 60 = 1 mod 60 d = 37 (37*13 = 481)
Example (cont’d) n = 77; e = 13; d = 37 Send message m = 7 Encryption: c = m e mod n = 7 13 mod 77 = 35 Decryption: m = c d mod n = mod 77 = 7
Discussion Can provide confidentiality A receiver A computes n, e, d, and sends out (n, e) -Everyone who wants to send a message to A uses (n, e) to encrypt it How difficult is to recover d ? (Someone that can do this can decrypt any message sent to A !) Recall that d = e -1 mod ((p-1)*(q-1)) So to find d, you need to find primes factors p and q -This is provable very difficult
Message Digest (MD) 5 Can provide data integrity -Used to verify the authentication of a message Idea: compute a hash on the message and send it along with the message Receiver can apply the same hash function on the message and see whether the result coincides with the received hash
MD 5 (cont’d) Basic property: digest operation very hard to invert - in practice someone cannot alter the message without modifying the digest Internet Digest (MD5) Plaintext digest Digest (MD5) = digest’ NO corrupted msg Plaintext
Message Digest Operation Transformation contains complex operations (see textbook, page 583) 512 bits Message (padded) Initial digest (constant) Transformation... Message digest
Authentication Goal: Make sure that the sender an receiver are the ones they claim to be Two solutions based on secret key cryptography (e.g., DES) -Three-way handshaking -Trusted third party One solution based on public key cryptography (e.g., RSA) -Public key authentication
Simple Three-Way Handshaking E(m,k) – encrypt message m with key k D(m,k) – decrypt m with key k CHK and SHK – client and server shared secrete keys SK – session key used for data communication -This reduces the number of messages containing CHK and SHK Question: how are CHK and SHK communicated in the first place? clientId, E(x, CHK) E(x+1, SHK), E(y,SHK) E(y+1, CHK) E(SK,SHK) client server
Trusted Third Party Trust a third party entity, authentication server -E.g., Kerberos protocol Scenario: A wants to communicate with B Assumption: both A and B share secrete keys with S: K A and K B Notations: -T: timestamp (also serves the purpose of a random number) -L: lifetime of the session -K: session’s key
Trusted Third Party (cont’d) A,B E(T+1,K) E((T,L,K,B),K A ) E((T,L,K,A),K B ) E((A,T),K A ) E((T,L,K,A),K B ) S AB
Public Key Authentication Based on public key cryptography Each side need only to know the other side’s public key -No secrete key need to be shared A encrypts a random number x and B proves that it knows x A can authenticate itself to be in the same way E(x, Public B ) x A B